599e8e8296437bc46038724b5e1e2f0aa5819887affdaddda88676eb12879feb

Sharing

Copy URL Twitter E-mail

General

Target

599e8e8296437bc46038724b5e1e2f0aa5819887affdaddda88676eb12879feb
Size

443KB
MD5

210ee43962ff44c5fc2c457fc918467e
SHA1

272f34971271c541899b4ab04792f253664c9851
SHA256

599e8e8296437bc46038724b5e1e2f0aa5819887affdaddda88676eb12879feb
SHA512

71805b8946a483c3a632e0743c68b914e3058a2f72b3d89c3c22f5639d11346c6c50efc3165bcf4b2bf6d7ecc4ce2bf893969fd6ce02e9a3daab87cc7dc75c91
SSDEEP

6144:9CS1t7S4QUSnl83natVUOERaGZ52gx9dNtz7hLh:oSPk83naiZUg

Score

1^/10

Malware Config

Signatures

Files

599e8e8296437bc46038724b5e1e2f0aa5819887affdaddda88676eb12879feb
.exe windows:4 windows x86

1ae70f55d0c19b5eaa02b32c58723e83

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:eb
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/04/2021, 00:00

Not After

20/04/2022, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:ec:c8:3d:c6:67:eb:f5:c8:01:e0:3f:5d:96:af:54:8f:4e:50:23:79:d6:8f:cf:8e:79:b4:53:45:60:d6:af
Signer

Actual PE Digest

3e:ec:c8:3d:c6:67:eb:f5:c8:01:e0:3f:5d:96:af:54:8f:4e:50:23:79:d6:8f:cf:8e:79:b4:53:45:60:d6:af

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

duilib

?SetResourceDll@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?MessageLoop@CPaintManagerUI@DuiLib@@SAXXZ
?GetHWND@CWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
??1CDuiString@DuiLib@@QAE@XZ
??0CDelegateBase@DuiLib@@QAE@ABV01@@Z
?GetObjectW@CDelegateBase@DuiLib@@IAEPAXXZ
??0CDelegateBase@DuiLib@@QAE@PAX0@Z
?PostMessageW@CWindowWnd@DuiLib@@QAEJIIJ@Z
?Close@CWindowWnd@DuiLib@@QAEXI@Z
??8CDuiString@DuiLib@@QBE_NPB_W@Z
?GetData@CDuiString@DuiLib@@QBEPB_WXZ
?IsSelected@COptionUI@DuiLib@@QBE_NXZ
??0CDialogBuilder@DuiLib@@QAE@XZ
?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@VSTRINGorID@2@PB_WPAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z
??1CDialogBuilder@DuiLib@@QAE@XZ
?FindSubControl@CContainerUI@DuiLib@@QAEPAVCControlUI@2@PB_W@Z
?SetShowHtml@CLabelUI@DuiLib@@QAEX_N@Z
?SetBkImage@CControlUI@DuiLib@@QAEXPB_W@Z
?GetSizeBox@CPaintManagerUI@DuiLib@@QAEAAUtagRECT@@XZ
?ShowWindow@CWindowWnd@DuiLib@@QAEX_N0@Z
?messageMap@WindowImplBase@DuiLib@@1UDUI_MSGMAP@2@B
??1CDelegateBase@DuiLib@@UAE@XZ
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z
??YCEventSource@DuiLib@@QAEXABVCDelegateBase@1@@Z
?GetPaintWindow@CPaintManagerUI@DuiLib@@QBEPAUHWND__@@XZ
?GetPlugins@CPaintManagerUI@DuiLib@@SAPAVCStdPtrArray@2@XZ
?GetAt@CStdPtrArray@DuiLib@@QBEPAXH@Z
??0CDuiString@DuiLib@@QAE@PB_WH@Z
?Create@CShadowUI@DuiLib@@QAEXPAUHWND__@@PAVCPaintManagerUI@2@@Z
?OnCreate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetShadow@CPaintManagerUI@DuiLib@@QAEPAVCShadowUI@2@XZ
?CopyShadow@CShadowUI@DuiLib@@QAE_NPAV12@@Z
??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
?ParentProc@CShadowUI@DuiLib@@QAGJPAUHWND__@@IIJ@Z
?HandleMessage@WindowImplBase@DuiLib@@UAEJIIJ@Z
??1CShadowUI@DuiLib@@UAE@XZ
?CreateControl@WindowImplBase@DuiLib@@UAEPAVCControlUI@2@PB_W@Z
?MessageHandler@WindowImplBase@DuiLib@@UAEJIIJAA_N@Z
?Notify@WindowImplBase@DuiLib@@UAEXAAUtagTNotifyUI@2@@Z
?GetMessageMap@WindowImplBase@DuiLib@@MBEPBUDUI_MSGMAP@2@XZ
?GetStyle@WindowImplBase@DuiLib@@UAEJXZ
?HandleCustomMessage@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseMove@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonUp@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSetFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKillFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSysCommand@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnChar@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseHover@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseWheel@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnGetMinMaxInfo@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcHitTest@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcPaint@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcCalcSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcActivate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnDestroy@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnClose@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetResourceID@WindowImplBase@DuiLib@@UBEPB_WXZ
?GetZIPFileName@WindowImplBase@DuiLib@@UBE?AVCDuiString@2@XZ
?GetResourceType@WindowImplBase@DuiLib@@UBE?AW4UILIB_RESOURCETYPE@2@XZ
?ResponseDefaultKeyEvent@WindowImplBase@DuiLib@@MAEJI@Z
?OnClick@WindowImplBase@DuiLib@@MAEXAAUtagTNotifyUI@2@@Z
?InitWindow@WindowImplBase@DuiLib@@UAEXXZ
?OnFinalMessage@WindowImplBase@DuiLib@@UAEXPAUHWND__@@@Z
?GetClassStyle@WindowImplBase@DuiLib@@UBEIXZ
?GetSuperClassName@CWindowWnd@DuiLib@@MBEPB_WXZ
??0WindowImplBase@DuiLib@@QAE@XZ
??0CShadowUI@DuiLib@@QAE@XZ
??1WindowImplBase@DuiLib@@UAE@XZ
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKHHHHPAUHMENU__@@@Z
?SetIcon@CWindowWnd@DuiLib@@QAEXI@Z
?LoadPlugin@CPaintManagerUI@DuiLib@@SA_NPB_W@Z

dgctrl

?StartAnimator@CSystemHelperListUI@@QAEXXZ
?Scale@CDGScaleButtonUI@@QAEXXZ
?SetState@CSystemHelperContainerUI@@QAEXH@Z
?Rotate@CDGRotateImgUI@@QAEX_N@Z
?StartAnimator@CSystemHelperContainerUI@@QAEXXZ
?AddData@CSysHelperRcmdItemData@@QAEXW4RcmdItemType@@URcmdItemDataInfo@@@Z
?EnumSubCtrls@CSysHelperRcmdItemData@@QAEXXZ
?InitPos@CSystemHelperContainerUI@@QAEXXZ

patchcore

ord340

kernel32

GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
FindResourceExW
CloseHandle
Sleep
GetProcAddress
InterlockedIncrement
InterlockedDecrement
MapViewOfFile
OpenFileMappingW
MapViewOfFileEx
GetLastError
CreateFileMappingW
SetEvent
TerminateProcess
UnmapViewOfFile
GetCommandLineW
WritePrivateProfileStringW
GetModuleHandleW
GetVersionExW
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
FreeLibrary
GetPrivateProfileIntW
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetPrivateProfileStringW
HeapFree
GetProcessHeap
HeapAlloc
lstrlenW
GetCurrentProcess
LocalFree
OpenProcess
OpenEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
TlsAlloc
ReleaseSemaphore
TlsFree
TlsGetValue
WaitForSingleObject
OpenEventA
ResetEvent
TlsSetValue
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
FormatMessageA
LoadResource
LockResource
SizeofResource
CreateEventA
LoadLibraryW
FindResourceW

user32

DefWindowProcW
UpdateLayeredWindow
LoadCursorW
RegisterClassW
CreateWindowExW
GetDC
ReleaseDC
IntersectRect
SetWindowLongW
ShowWindow
FindWindowW
MessageBoxW
DestroyWindow
KillTimer
ScreenToClient
GetClientRect
IsZoomed
UnregisterClassA
UpdateWindow
PtInRect
PostQuitMessage
IsWindow
PostMessageW
SetTimer
GetWindowLongW
GetWindowRect
SetWindowPos
SendMessageW
SetForegroundWindow

gdi32

GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
CreateDIBSection
GetStockObject
DeleteObject
GetObjectW

advapi32

ChangeServiceConfigW
StartServiceW
ControlService
OpenProcessToken
GetTokenInformation
IsValidSid
RegSetValueExW
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
QueryServiceConfigW

shell32

SHGetSpecialFolderLocation
ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW

ole32

CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance

shlwapi

PathFileExistsW
StrFormatByteSizeW

msvcp80

?max@?$numeric_limits@_J@std@@SA_JXZ
?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?max@?$numeric_limits@I@std@@SAIXZ
?eq@?$char_traits@_W@std@@SA_NAB_W0@Z
?max@?$numeric_limits@H@std@@SAHXZ
?length@?$char_traits@_W@std@@SAIPB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?to_char_type@?$char_traits@_W@std@@SA_WABG@Z
??0_Lockit@std@@QAE@H@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$numpunct@_W@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?max@?$numeric_limits@_K@std@@SA_KXZ
?classic@locale@std@@SAABV12@XZ
??8locale@std@@QBE_NABV01@@Z
??1locale@std@@QAE@XZ
?grouping@?$numpunct@_W@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?thousands_sep@?$numpunct@_W@std@@QBE_WXZ
?to_int_type@?$char_traits@_W@std@@SAGAB_W@Z
?assign@?$char_traits@_W@std@@SAXAA_WAB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W0@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?max_size@?$allocator@_W@std@@QBEIXZ
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
??0?$allocator@_W@std@@QAE@ABV01@@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
??0?$allocator@_W@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?length@?$char_traits@D@std@@SAIPBD@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0locale@std@@QAE@XZ

msvcr80

wcspbrk
wcslen
_wcslwr_s
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
memcpy_s
wcscmp
memmove_s
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
_swprintf
_beginthreadex
memset
??_V@YAXPAX@Z
memcpy
wcsncpy_s
_purecall
??0exception@std@@QAE@ABQBDH@Z
wcsrchr
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
_waccess
_time64
__RTDynamicCast
_wcsicmp
_vscwprintf
vswprintf_s
??8type_info@@QBE_NABV0@@Z
free
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
strerror
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
??3@YAXPAX@Z
_gmtime64
wcschr

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ae70f55d0c19b5eaa02b32c58723e83

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:ebCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

3e:ec:c8:3d:c6:67:eb:f5:c8:01:e0:3f:5d:96:af:54:8f:4e:50:23:79:d6:8f:cf:8e:79:b4:53:45:60:d6:afSigner

Headers

File Characteristics

Imports

duilib

dgctrl

patchcore

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

msvcp80

msvcr80

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 8KB - Virtual size: 8KB

.tls Size: 4KB - Virtual size: 2B

Size: 199KB - Virtual size: 199KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:eb
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3e:ec:c8:3d:c6:67:eb:f5:c8:01:e0:3f:5d:96:af:54:8f:4e:50:23:79:d6:8f:cf:8e:79:b4:53:45:60:d6:af
Signer

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 8KB - Virtual size: 8KB

.tls
Size: 4KB - Virtual size: 2B